WordPress Plugin Vulnerabilities

Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Multiple Issues

Description

Unauthenticated option changes vulnerability that could allow an attacker to redirect all pages and posts of the blog to a malicious website, as well as an authenticated options export/deletion vulnerability.

Affects Plugins

Plugin icon
simple-301-redirects-addon-bulk-uploader
Fixed in 1.2.5

References

CVE
CVE-2019-15776
CVE
CVE-2019-15818
URL
https://blog.nintechnet.com/unauthenticated-option-changes-in-wordpress-simple-301-redirects-addon-bulk-uploader-plugin/

Miscellaneous

Original Researcher
Jerome Bruandet (nintechnet.com)
Verified
No
WPVDB ID
536ca514-f4ae-438c-8df3-2f733193507a

Timeline

Publicly Published
2019-08-10 (about 6 years ago)
Added
2019-08-10 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-11-10
Title
Another WordPress Classifieds Plugin < 3.0 - SQLi & XSS
Published
2014-09-17
Title
Ready! Ecommerce 0.5.0 - CSRF & XSS
Published
2019-08-12
Title
Cforms & CformsII <= 15.0.1 - Unauthenticated HTML Injection & CSRF
Published
2019-07-09
Title
Icegram < 1.10.29 - CSRF to Stored XSS
Published
2014-12-20
Title
Post to Twitter <= 0.7 - CSRF & XSS